This invention relates to authentication of users of electronic information and transaction processing systems, and more specifically to systems and methods for authenticating users of program objects in distributed computing environments based on negotiated security contexts.
Many computer and communication systems restrict access to authorized users. As typically shown in FIG. 1, a user 110 accesses such a system 120 through a suitable interface such as a computer 130 executing a client application. The computer 130 and client application can communicate with the system 120 by either a direct connection or via the Internet using a convenient protocol such as http as illustrated by connection 140. In accessing the system 120, the client application recognizes that a user authentication process must be carried out as a threshold step, and thus the client application usually requests the user 110 to enter a logon ID and a password that uniquely identify the user 110 to the system 120. The logon ID and password are conventionally forwarded to a logon component 122 via an application server component 124 included in the system 120.
The logon component 122 compares the logon ID and password received from the user to an archive of logon IDs and passwords stored in a rules database 126. Upon finding a match with the forwarded logon ID, the logon component 122 retrieves the corresponding password from the rules database 126 and compares the retrieved password with the password forwarded by the user 110. If the passwords match, the logon component 122 sends an instruction or a message via the application server component 124 to the client application in computer 130 that indicates that the user 110 was properly identified and authenticated to proceed. This authentication step and/or subsequent instructions or messages may initiate a secure communication session using a convenient protocol such as https indicated by connection 150. Subsequent communication between the system 120 and computer 130 can then proceed in private.
Where encryption is employed, a client cryptographic token such as an electronic circuit card conforming to the standards of the PC Memory Card Interface Association (a PCMCIA card or PC Card) can be used in the computer 130. In general, a token is a portable transfer device that is used for transporting keys, or parts of keys. It will be understood that PC Cards are just one form of delivery mechanism; other kinds of tokens may also be used, such as those conforming to RSA Laboratories' software token Public-Key Cryptography Standard (PKCS) #12, floppy diskettes, and Smart Cards.
If the logon ID provided by the user 110 does not match an ID in the rules database 126 or if the password comparison fails, the logon component 122 typically sends a message or instruction through the application server component 124 to the client application to inform the user 110 that the submitted logon information was incorrect and to prompt the user to re-enter it. This process of entering and attempting to verify the logon information may be permitted to occur a few times, but in the event of repeated failure, the logon component 122 may finally reject further logon attempts by the user 110, direct the client application to inform the user 110 that the logon process has failed, terminate the communication session, and lock out the user from any further logon attempts.
A password is one form of identification that may be presented to the logon component 122 that authenticates the user's access rights, which may range from simply viewing selected records in the system 120 to performing all transactions permitted by the system 120. This kind of secured transaction processing is typically “state-full” in that it maintains, in the transaction session, the process state and content of the user's logon access information. Different transactions are typically implemented in modern distributed, nested, transaction processing systems by different program objects, e.g., applications or subroutines, that are substantially independent, even to the extent of executing on different processor hardware. For a user to migrate from one secured transaction to another, which is often necessary for even simple uses of today's systems, the user is generally required to logon (i.e., be authenticated) to each transaction, often with ID's and passwords unique to each transaction. This is because state-full systems impose state routing restrictions on users, and only sessions with particular restrictions can service a given user without having to close one program object and open another, with the corresponding requisite logon.
Besides the burden on system resources imposed by each logon, which requires access to and processing by a logon component and a rules database, state-full systems often compel each user to close one secured transaction (program object or application) before entering another, limiting the flexibility of the system from the user's perspective. In addition, if the path to the rules database is closed or if excessive traffic slows processing or access to any of the necessary components of the system, the user access to the desired application is compromised, even if the user's access is fully authorized. This becomes a significant problem for systems having many potential users because economics often limits the system resources that can be made available.
Another problem is that conventional enrollment systems can be viewed as “open doorways” into an otherwise protected application in that a successful logon provides a user full access to the application and a failed logon “slams the door” on access to the application. No middle ground is generally provided, whereby a properly identified user is provided partial access to an application or transaction.
Yet another problem with systems like that depicted in FIG. 1 is the vulnerability of such systems to a hacker's or a pirate's intercepting a user's logon information at any of several points and then gaining unauthorized access to a supposedly secure system, such as an online brokerage system. One countermeasure to such interception is the application of cryptography to the data being transmitted. Public-Key Cryptography (PKC), or asymmetric cryptography, is a form of data encryption that uses a pair of cryptographic keys, each pair having a public key that is used for encryption and a private (secret) key used for decryption. Exemplary PKC algorithms, which comply with contemporary government or commercial standards, are the Digital Signature Algorithm and the Rivest-Shamir-Adleman (RSA) algorithm. The alternative to PKC is a symmetric key cryptographic system that uses the same key for encryption and decryption. Exemplary symmetric systems are the Data Encryption Standard (DES) and its improvement, the Advanced Encryption Standard (AES), recently announced by the National Institute of Standards and Technology (NIST). Symmetric key cryptography is normally employed for encrypting large amounts of data since it is much faster than PKC, but PKC is still advantageously used for key distribution. Nevertheless, encrypting transmitted data may address privacy concerns in electronic commerce and communication, but encryption alone does not address the issues of integrity and authentication of the transmitted information.
In this application, “privacy” means the protection of a record from unauthorized access. “Integrity” means the ability to detect any alteration of the contents of a record or of the relative authority of a user to perform a transaction or access a record. “Authentication” means verification of the authority of a user to perform a transaction, use a system resource, or access an electronic record. It will be appreciated that “electronic record” and “record” mean information in any electronic form, regardless of type of medium or type of information. Thus, a record can be a tape cartridge, a voice transmission or recording, a video image, a multi-media object, a contract, metadata, a database of information, etc.
Integrity and authentication of information are typically handled by other cryptographic operations, in particular hashing the information to be protected and appending one or more digital signatures. In general, a one-way cryptographic function operates on the information and produces a “hash” or “message digest” in a way such that any change of the information produces a changed message digest. Since a different message digest is produced if even one bit of the information object is changed, the hash operation yields a strong integrity check. Known hashing algorithms are the Secure Hash Algorithm (SHA-1) and the Message Digest 5 (MD-5) algorithm, and new algorithms appear from time to time. Information is typically digitally signed by hashing the information, encrypting the resulting hash using the signer's private key, and appending the encrypted hash to the information. Thus, digital signatures are generated in a manner like PKC, but the keys are reversed: the encryption key is private and the decryption key is public; the digital signer signs information with the private key and a user can read the digital signature with the signer's public key. Since a digital signature is a non-forgeable data element attached or allocated to information that ties the signer to the information, the digital signature yields an authentication check. It will be appreciated that a digital signature differs from a holographic, or handwritten, signature and from a digitized holographic signature, which is a handwritten signature that has been captured electronically.
The uses of digital signatures typically involve uses of authentication certificates, which are non-forgeable, digitally signed data elements that bind the signers' identity information to the signers' public-key information. Authentication certificates have been standardized by the International Telecommunications Union (ITU) under International Standard X.509, as documented in “The Directory-Authentication Framework” (1988) and as interpreted by the Internet Engineering Task Force Public Key Infrastructure X.509 recommendations. An authentication certificate is digitally signed and issued by a Certification Authority that is responsible for ensuring the unique identification of all users. Each authentication certificate typically includes the following critical information needed in the signing and verification processes: a certificate version number, a serial number, identification of the Certification Authority that issued the certificate, identifications of the issuer's hash and digital signature algorithms, a validity period, a unique identification of the user who owns the certificate, and the user's public cryptographic signature verification key. A signer's authentication certificate may be appended to information to be protected with the user's digital signature so that it is possible for others to verify the digital signature.
Single-logon methods have been implemented in which a logon component returns a “cookie” or token to a client application that allows the client application system-wide logon in a distributed computing environment. One example of this is the SITEMINDER software product made by Netegrity, Inc., Waltham, Mass., and described at www.netegrity.com. Such single-logon methods avoid the need for repeated logons, but have severe limitations when used with state-less computing environment components.
U.S. Pat. No. 5,757,920 for “Logon Certification” and U.S. Pat. No. 5,999,711 for “Method and System for Providing Certificates Holding Authentication and Authorization Information for Users/Machines”, both to Misra et al., describe logon certificates that are provided to support disconnected operation in distributed computing systems. Each logon certificate is a secure package holding credentials information sufficient to establish the identity and rights and privileges for a user or a machine in a domain that is not the user's/machine's home domain.
U.S. Pat. No. 5,241,594 to Kung for “One-Time Logon Means and Methods for Distributed Computing Systems” describes storing password files in all networked computers in a distributed system and, after a user logs on to a computer, forwarding authentication information to a second computer using a secure transport layer protocol if the user wishes to use services at the second computer. The second computer compares the user's authentication information it receives with the user's authentication information it stores, and if the information matches, the user is logged on to the second computer.
Other logon methods and systems are described in U.S. Pat. No. 5,655,077 to Jones et al. for “Method and System for Authenticating Access to Heterogeneous Computing Services”; U.S. Pat. No. 5,689,638 to Sadovsky for “Method for Providing Access to Independent Network Resources by Establishing Connection Using an Application Programming Interface Function Call Without Prompting the User for Authentication Data”; U.S. Pat. No. 5,768,504 to Kells et al. for “Method and Apparatus for a System Wide Logan [sic] in a Distributed Computing Environment”; U.S. Pat. No. 5,774,650 to Chapman et al. for “Control of Access to a Networked System”; U.S. Pat. No. 5,884,312 to Dustan et al. for “System and Method for Securely Accessing Information from Disparate Data Sources through a Network”; and U.S. Pat. No. 6,178,511 to Cohen et al. for “Coordinating User Target Logons in a Single Sign-On (SSO) Environment”.
The problems with systems like that shown in FIG. 1 are keenly felt in many computer and communication systems, including as just one example those employed in electronic commerce. As paper documents that have traditionally recorded transactions, such as the purchase of an object, the withdrawal of bank funds, or the execution of a contract, are replaced by electronic records, serious issues of physical control of the electronic records and access to them are raised. Systems and methods for providing a verifiable chain of evidence and security for the transfer and retrieval of electronic records and other information objects in digital formats have been described in U.S. Pat. No. 5,615,268; U.S. Pat. No. 5,748,738; and U.S. Pat. No. 6,237,096; all to Bisbee et al., and U.S. patent application Ser. No. 09/452,928, filed on Dec. 2, 1999, and Ser. No. 09/737,325, filed on Dec. 14, 2000, both by Bisbee et al. These patents and applications are expressly incorporated here by reference, and describe among other things flexible business rules that enable users to have roles that are required or enabled only at particular points in a transaction or process. For example, a user may have a role of title agent only after a transaction has closed.
Such work flows and processes can be more complex than those typically associated with single-logon techniques. Moreover, many electronic records available to online inquiry are neither encrypted, nor hashed, nor digitally signed since to do so increases the processing time and resources needed for authorized users to access such information.